Spam Choke Point Identified in Recent Research

Spam is the atherosclerosis of the Internet. Unwelcome, expensive, clogging our digital arteries with junk and potentially economically lethal malware and other digital cooties. Nearly all of today’s spam mitigation techniques address handling the crud itself. But what if you could find the economic choke point for spam itself? That’s exactly what Berkeley researchers identified in recent work.

It turned out that 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies.

Three entities have the merchant accounts for all of that spam. That sure sounds like a choke point.

If a handful of companies like these refused to authorize online credit card payments to the merchants, “you’d cut off the money that supports the entire spam enterprise,” said one of the scientists, Stefan Savage of the University of California, San Diego, who worked with colleagues at San Diego and Berkeley and at the International Computer Science Institute.

In other words, if the issuing banks refuse to settle transactions coming from those three banks, the economic avenue for spam transactions gets cut off. While its likely spammers will find other banks to work through, identifying them wouldn’t be hard. After all, if these impoverished researchers could do it, a commercial entity could do it very well.

The real question is why hasn’t someone done this before and what are the card brands and issuing banks going to do about it? Spam costs us billions in collateral damage. Shutting off a few bad actors looks like a cheap way to gut the economic strength of the spam industry.